Permissions, Privileges, and Access Controls in SHIELD TV - CVE-2021-34404
Published: January 12, 2022
Vulnerability identifier: #VU59557
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-34404
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
SHIELD TV
SHIELD TV
Software vendor:
nVidia
nVidia
Description
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to failure to limit access AHB-DMA in BROM, as distributed with Android images for T210 provided by NVIDIA. An attacker with physical access to device execute arbitrary actions beyond the security scope of BROM.
Remediation
Install updates from vendor's website.